The Arctic Wolf Labs Threat Report provides insight into a tumultuous year for cybersecurity: Russia's invasion of Ukraine has disrupted the operations of leading ransomware groups, and ransomware-as-a-service is on the rise.
A lack of multi-factor authentication (MFA) has fueled attacks on business email, and the Log4Shell and ProxyShell vulnerabilities continue to be exploited en masse more than a year after their initial disclosure.
Business Email Compromise
One of the most noticeable trends in the threat landscape was a significant increase in the number of successful BEC attacks in 2022 compared to 2021. Business email compromise — also known as email account compromise (EAC) — is one type of email fraud in which attackers pose as trusted contacts, such as executives or lawyers, and then trick victims into transferring money or divulging confidential information.
Business email compromise (BEC) attacks accounted for more than a quarter (29%) of incident responses last year, and the majority (58%) of victim organizations had not enabled multi-factor authentication (MFA).
Rise of ransomware-as-a-service
Russia's invasion of Ukraine significantly disrupted the activities of threat actors in those two countries, resulting in a 26% year-on-year decrease in observed ransomware cases globally. At the same time, the use of ransomware-as-a-service (RaaS) has increased, allowing even less-technical cybercriminals to execute ransomware attacks and disguising the identities of the threat actors behind them.
LockBit dominant ransomware group
Five ransomware variants accounted for the highest number of ransomware victims in 2022, all falling under the ransomware-as-a-service paradigm. To make matters worse, it has been observed that several ransomware variants are used simultaneously, or that attackers jump back and forth between variants and try different options. LockBit has established itself as the dominant ransomware group: the e-crime organization listed 822 victim organizations, 248% more than BlackCat (ALPHV), the second most active group. The other groups were Conti, BlackBasta and Hive.
Unpatched vulnerabilities
Threat actors use different methods to gain access to their victims' systems. External attacks accounted for almost three-quarters (72%) of incidents in the last year: 3% of security incidents were due to misconfiguration of IT systems, 24% to remote access hijacking, and 45% were caused by known vulnerabilities for which security patches and updates were already available. The vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell), which became known in 2021, are still the two most common root points of compromise (RPOC) among the incident response cases at Arctic Wolf.
In addition to external attacks in which a technical vulnerability is exploited, there are methods in which the attacked users themselves (unknowingly) take the triggering action, e.g. opening a malicious website or file. In the last year, 12% of cases were due to phishing emails, 7% to poor password hygiene and previously leaked credentials, 4% to other social engineering methods and 5% to other RPOCs.
More at ArcticWolf.com
About Arctic Wolf
Arctic Wolf is a global leader in security operations, providing the first cloud-native security operations platform to mitigate cyber risk. Based on threat telemetry spanning endpoint, network and cloud sources, the Arctic Wolf® Security Operations Cloud analyzes more than 1.6 trillion security events per week worldwide. It provides company-critical insights into almost all security use cases and optimizes customers' heterogeneous security solutions. The Arctic Wolf platform is used by more than 2,000 customers worldwide. It provides automated threat detection and response, enabling organizations of all sizes to set up world-class security operations at the push of a button.